CRS – Justice Department’s Role in Cyber Incident Response

“Criminals and other malicious actors increasingly rely on the Internet and rapidly evolving technology to further their operations. In cyberspace, criminals can compromise financial assets, hacktivists can flood websites with traffic—effectively shutting them down, and spies can steal intellectual property and government secrets. When such cyber incidents occur, a number of questions arise, including how the federal government will react and which agencies will respond. The Obama Administration, through Presidential Policy Directive/PPD-41, outlined how the government responds to significant cyber incidents. Responding to cyber incidents involves (1) threat response, (2) asset response, and (3) intelligence support.

The Department of Justice (DOJ), through the Federal Bureau of Investigation (FBI, or the bureau) and National Cyber Investigative Joint Task Force (NCIJTF), is the designated lead on threat response, which involves investigating and attributing specific cyber activities to particular individuals or entities as well as facilitating intelligence and information sharing. In investigating cyber incidents, the FBI’s Cyber Division focuses on “high-level intrusions by state-sponsored hackers and global cyber syndicates, and the most prolific botnets.” In addition to conducting its own cyber investigations, the FBI

- leads the NCIJTF, a multi-agency hub for coordinating, integrating, and sharing information on cyber threat investigations;
- heads up other task forces and law enforcement partnerships focused on cyber threat response, including cyber task forces with subject matter experts at each field office, cyber action teams that can rapidly deploy in response to specific incidents, and cyber assistant legal attachés positioned in certain foreign countries to work with U.S. counterparts;
- has established several initiatives to interface with the private sector regarding cyber incidents; these resources (such as the Internet Crime Complaint Center, InfraGard program, and National Cyber-Forensics and Training Alliance) collect and share information, build partnerships, and enhance cyber threat awareness;
- has been working to recruit and retain an appropriate cyber workforce and has developed a multi-layered cyber training program for its agents; and
- has been discussing with the technology community and policymakers how evolving technology, such as encrypted communications and devices, affects investigations, particularly in cyber-related cases, and how law enforcement can develop tools to investigate these cases most effectively.

Relating to the FBI’s work in combating and responding to cyber threats, one question policymakers may have is how the bureau prioritizes cyber threats. DOJ’s Inspector General, while noting strides in this arena, has recommended that (1) the FBI should use a more data-driven, objective methodology to identify and prioritize cyber threats, and (2) the FBI should develop a means to track agent time spent on specific cyber threats. Policymakers may elect to conduct oversight of the FBI’s efforts in these areas, examine whether any changes to cyber threat prioritization affect where cyber threats rank within the broader universe of threats confronting the nation, and debate whether or how to direct the FBI’s use of funds allocated to combating cyber threats.”
